May 2016
Cisco Advanced Malware Protection
The Reality: Organizations Are Under Attack and Malware Is Getting In
Figure: threat timeline, 1990 to 2020+
- Viruses (1990-2000): Phishing, Low Sophistication
- Worms (2000-2005): Hacking Becomes an Industry
- Spyware and Rootkits (2005-Today): Sophisticated Attacks, Complex Landscape
- APTs, Cyberware (Today+)
95% of large companies targeted by malicious traffic
100% of organizations interacted with websites hosting malware
Cybercrime is lucrative, barrier to entry is low
Hackers are smarter and have the resources to compromise your organization
Malware is more sophisticated
Organizations face tens of thousands of new malware samples per hour
Malware Will Get Into Your Environment
95% of large companies targeted by malicious traffic
60% of data stolen in hours
65% of organizations say attacks evaded existing preventative security tools
$5.9M average cost of a breach in the United States
Once Inside, Organizations Struggle to Deal with It
33% of organizations take 2+ years to discover a breach
55% of organizations unable to determine the cause of a breach
45 days average time to resolve a cyber-attack
54% of breaches remain undiscovered for months
Point-in-Time Detection Tools Alone Are Insufficient and Provide Limited or No Visibility Into Threats Once They Get In
Antivirus, Legacy IPS: Initial Disposition = Clean, Actual Disposition = Bad. Too Late!! Analysis stops at the event horizon.
Techniques that defeat point-in-time analysis: Sleep Techniques, Unknown Protocols, Encryption, Polymorphism
Result: blind to scope of compromise
Figure: prevention (not 100%) + detection, containment and remediation (continuously, rapidly) across a breach
Cisco AMP Provides Threat Intelligence, Point-in-Time Detection, and Continuous Analysis of Files to Defeat Advanced Threats
Attack Continuum (Data Center/Servers, Endpoints, Email and Web, Network, Mobile)
Before: Discover, Enforce, Harden (threat intelligence and analytics)
During: Detect, Block, Defend (point-in-time detection)
After: Scope, Contain, Remediate (retrospective security and continuous analysis)
AMP Provides the Visibility and Control to Effectively Prevent, Block, Detect, and Remediate Advanced Threats
1. Visibility, 2. Control, with:
- Threat Intelligence and Analytics (before an attack): See, Prevent
- Point-in-Time Protection (during an attack): Detect, Block and Contain
- Continuous Analysis and Retrospective Security (after an attack): Record, Analyze, Detect, Remediate
Learn about threats faster
Threat Intelligence and Advanced Analytics: AMP Strengthens Defenses Using Threat Intelligence and Malware Analysis
Knowledge base: extensive and growing back-end research on the latest threats and security trends
Insight: analytics and behavioral indicators for your system written in plain English
Expertise: team of threat analysts/researchers working to provide you with the latest threat intelligence 24/7
13 billion web requests per day
100 TB of data received daily
1.1 million incoming malware samples per day
35% of worldwide email traffic
Threat Intelligence and Advanced Analytics: The Numbers
1.6 million global sensors
100 TB of data received per day
150 million+ deployed endpoints
Experienced team of engineers, technicians, and researchers
35% of worldwide email traffic
13 billion web requests
24x7x365 operations
4.3 billion web blocks per day
40+ languages
1.1 million incoming malware samples per day
Intelligence sources: AMP Community; Private/Public Threat Feeds; Talos Security Intelligence; AMP Threat Grid Intelligence; AMP Threat Grid Dynamic Analysis (10 million files/month); Advanced Microsoft and Industry Disclosures; Snort and ClamAV Open Source Communities; AEGIS Program
Automatic updates in real time to Web (WWW), Endpoints, Devices, Networks, Email, IPS
Cisco® Collective Security Intelligence Cloud
AMP (Advanced Malware Protection)
Point-in-Time Detection: AMP Delivers the First Line of Defense, Blocking Known and Emerging Threats with Point-in-Time Defenses
Techniques: one-to-one signature; fuzzy finger-printing; machine learning; advanced analytics; static and dynamic analysis (sandboxing)
Benefits: better accuracy and dispositioning; block known and emerging threats; protect your business with no lag; automatically stop as many threats as possible, known and unknown
But Point-in-Time Detection Alone Will Never Be 100% Effective
Continuous Analysis and Retrospective Security: Only AMP Continuously Monitors and Analyzes All File Activity, Regardless of Disposition
Across all control points: Web (WWW), Endpoints, Email, Network, Mobile
To answer the questions that matter, take advantage of key capabilities:
- See what it is doing
- Identify a threat's point of origin
- See where it's been
- Track its rate of progression and how it spread
- Surgically target and remediate
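To make the point-in-time versus retrospective distinction concrete, here is an added Python example (not Cisco's code and not AMP's API): it records a constructed file trajectory, shows a hash dispositioned clean at scan time, and, once the hash is later reclassified, answers the origin, spread and rate-of-progression questions from the recorded events instead of a fresh scan. The event schema, hostnames and hashes are assumptions made for the illustration.

```python
from collections import namedtuple
from datetime import datetime

# Constructed sample trajectory, not real telemetry: each record is one file
# event reported by a connector (hypothetical schema for this illustration).
Event = namedtuple("Event", "ts host sha256 action source")
SAMPLE_HASH = "a1b2" * 16  # placeholder hash, not a real indicator
TRAJECTORY = [
    Event(datetime(2016, 5, 2, 9, 0), "pc-01", SAMPLE_HASH, "created", "email:attachment"),
    Event(datetime(2016, 5, 2, 9, 5), "pc-01", SAMPLE_HASH, "executed", "outlook.exe"),
    Event(datetime(2016, 5, 2, 10, 30), "fs-02", SAMPLE_HASH, "created", "smb:pc-01"),
    Event(datetime(2016, 5, 2, 11, 0), "pc-07", SAMPLE_HASH, "executed", "fs-02:share"),
    Event(datetime(2016, 5, 2, 11, 10), "pc-03", "c3d4" * 16, "executed", "chrome.exe"),
]

def point_in_time_disposition(sha256, known_bad):
    """Point-in-time check: 'clean' unless the hash is known bad at scan time."""
    return "malicious" if sha256 in known_bad else "clean"

def retrospective_scope(trajectory, sha256):
    """Retrospective query: once intel reclassifies a hash, answer the 'after'
    questions (origin, where it's been, rate of spread) from recorded events."""
    hits = sorted((e for e in trajectory if e.sha256 == sha256), key=lambda e: e.ts)
    if not hits:
        return None
    first, last = hits[0], hits[-1]
    hosts = []
    for e in hits:
        if e.host not in hosts:
            hosts.append(e.host)  # order of first sighting = path of spread
    span_h = max((last.ts - first.ts).total_seconds() / 3600, 1e-9)
    return {
        "origin": (first.host, first.source, first.ts.isoformat()),
        "hosts": hosts,
        "executed_on": sorted({e.host for e in hits if e.action == "executed"}),
        "hosts_per_hour": round(len(hosts) / span_h, 2),
    }

def investigate(trajectory, sha256, known_bad_then, known_bad_now):
    """Contrast the verdict a point-in-time tool gave with what retrospection finds."""
    return {"initial": point_in_time_disposition(sha256, known_bad_then),
            "now": point_in_time_disposition(sha256, known_bad_now),
            "scope": retrospective_scope(trajectory, sha256)}

if __name__ == "__main__":
    # At scan time nothing was known bad; later intel flags SAMPLE_HASH.
    print(investigate(TRAJECTORY, SAMPLE_HASH, set(), {SAMPLE_HASH}))
```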
The AMP Everywhere Architecture: AMP Protection Across the Extended Network for an Integrated Threat Defense
- AMP Threat Intelligence Cloud
- AMP for Endpoints: Windows OS, Android Mobile, Virtual, MAC OS, CentOS and Red Hat Linux for servers and datacenters
- AMP on Web and Email Security Appliances
- AMP on Cisco® ASA Firewall with Firepower Services
- AMP Private Cloud Virtual Appliance
- AMP on Firepower NGIPS Appliance (AMP for Networks)
- AMP on Cloud Web Security and Hosted Email (CWS/CTA)
- Threat Grid: Malware Analysis + Threat Intelligence Engine
- AMP on ISR with Firepower Services
- Remote Endpoints: AMP for Endpoints can be launched from AnyConnect
Deployment Options in Detail

AMP on ESA, WSA, ASA, CWS
  Method: License with ESA, WSA, CWS, or ASA customers
  Ideal for: New or existing Cisco CWS, Email/Web Security, ASA customers
  Details: ESA/WSA: prime visibility into email/web; CWS: web and advanced malware protection in a cloud-delivered service; AMP capabilities on ASA with FirePOWER Services
  Threat Grid: Hybrid or on-premises integration

AMP for Networks (AMP on FirePOWER Network Appliance)
  Method: Snap into your network
  Ideal for: FirePOWER NGIPS customers
  Details: Wide visibility inside network; broad selection of features before, during, and after an attack
  Threat Grid: On-premises integration in 1H 2016

AMP for Endpoints
  Method: Install lightweight connector on endpoints
  Ideal for: Windows, Mac, Android, Linux, virtual machines; can also deploy from AnyConnect client
  Details: Comprehensive threat protection and response; granular visibility and control; widest selection of AMP features
  Threat Grid: Integrated into file analysis feature

AMP Private Cloud Virtual Appliance
  Method: Deploy on-premises Virtual Appliance
  Ideal for: High-privacy environments
  Details: Private Cloud option for those with high-privacy requirements; can deploy full air-gapped mode or cloud proxy mode; for endpoints and networks
  Threat Grid: Integration coming in 1H 2016
If Something Gets In, Retrospective Security Helps You Find Answers to the Most Pressing Security Questions
- What happened?
- Where did the malware come from?
- Where has the malware been?
- What is it doing?
- How do we stop it?
See AMP in Action: https://www.youtube.com/watch?v=sRqlHdxAP5g